
NetFlow Export Issues on Cisco WS-C3560X-48P with C3KX-NM-1G

Hello All,

Just looking for a confirmation if a Cisco WS-C3560X-48P (Cisco C3560X) with a C3KX-NM-1G (FRULink 1G Module) will export Flexible NetFlow or NetFlow records?

Cisco IOS Software, C3560E Software (C3560E-UNIVERSALK9-M), Version 15.0(2)SE4, RELEASE SOFTWARE (fc1)

Here is the Running Config:

I did both methods; neither shows traffic.

ip flow-egress input-interface
ip flow-cache timeout active 15
ip flow-export source GigabitEthernet0/48
ip flow-export version 9
ip flow-export destination 10.x.x.x 2055

#show ip flow interface
Vlan254
  ip flow ingress
  ip flow egress
GigabitEthernet0/48
  ip flow ingress
  ip flow egress
GigabitEthernet1/1
  ip flow ingress
  ip flow egress

#show ip flow export
Flow export v9 is enabled for main cache
  Export source and destination details :
  VRF ID : Default
    Source(1)       10.180.175.1 (GigabitEthernet0/48)
    Destination(1)  10.15.254.22 (2055)
  Version 9 flow records
  0 flows exported in 0 udp datagrams
  0 flows failed due to lack of export packet
  0 export packets were sent up to process level

NOTE: I am unable to assign the Monitor to any phy or vlan interfaces:

(config-if)#ip flow monitor NetFlowMonitor input
% Flow Monitor: 'NetFlowMonitor' could not be added.

Per: SolarWinds Knowledge Base :: Required flow template fields

flow record SolarWinds
 description Solarwinds Flow Template
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input physical snmp
 match interface output physical snmp
 collect counter bytes
 collect counter packets

flow exporter NTA
 destination 10.x.x.x
 source GigabitEthernet0/48
 transport udp 2055
 export-protocol netflow-v5
 option interface-table
 option exporter-stats

flow monitor NetFlowMonitor
 record SolarWinds
 exporter NTA

#show flow exporter
Flow Exporter NTA:
  Export protocol:          NetFlow Version 5
  Transport Configuration:
    Destination IP address: 10.x.x.x
    Source IP address:      10.y.y.y
    Source Interface:       GigabitEthernet0/48
    Transport Protocol:     UDP
    Destination Port:       2055
    Source Port:            53509
    DSCP:                   0x0
    TTL:                    255
    Output Features:        Not Used
  Options Configuration:
    interface-table (timeout 600 seconds)
    exporter-stats (timeout 600 seconds)

#show flow monitor
Flow Monitor NetFlowMonitor:
  Description:       User defined
  Flow Record:       SolarWinds
  Flow Exporter:     NTA (inactive)
  Cache:
    Type:              normal
    Status:            not allocated
    Size:              128 entries / 0 bytes
  Cache:
    Type:              normal (Platform cache)
    Status:            not allocated
    Size:              Unknown
  Timers:
                       Local        Global
    Inactive Timeout:  15 secs
    Active Timeout:    1800 secs    1800 secs
    Update Timeout:    1800 secs

#show flow record
flow record SolarWinds:
  Description:        Solarwinds Flow Template
  No. of users:       1
  Total field space:  29 bytes
  Fields:
    match ipv4 protocol
    match ipv4 source address
    match ipv4 destination address
    match transport source-port
    match transport destination-port
    match interface input physical snmp
    match interface output physical snmp
    collect counter bytes
    collect counter packets

  • I don't think you'll be able to use Netflow on that platform without the C3KX-SM-10G, which is the services module for the 3560x/3750x.

    If you look at the Configuration guide, it says:

    Flexible NetFlow is supported only on the Catalyst 3750-X and 3560-X switch running the IP base or IP services feature set and equipped with the network services module. It is not supported on switches running the NPE or the LAN base image.

    If you look at the datasheet for the 3560x/3750x, Table 3, it shows that only the services module supports Netflow.

  • Branfarm is correct,

    See link below for more examples.

    http://www.solarwinds.com/documentation/NetFlow/docs/NetFlowDeviceConfiguration.pdf

  • http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3750-x-series-switches/data_sheet_c78-584733.html

    Service Module

    The new Cisco Service Module offers enhanced security and Flexible Netflow (FNF) features on the uplink ports of the Catalyst 3750-X and 3560-X. The service module is supported with IP Base or IP Services feature set. It can be used with SFP or SFP+ at 1G or 10G speeds. The new Cisco Service Module has custom dedicated hardware for FNF monitoring, separate from the dedicated hardware for MACSec. Therefore there is no impact on packet forwarding performance & latency. It offers flexibility with the user being able to define flows.

    Cisco C3KX-NM-1G  Catalyst Network Module ~ $200.00 USD

    vs.

    Cisco C3KX-SM-10G Catalyst Service Module ~$1700.00 USD

    So there is no other Option to get a "Service Module" or Software NetFlow on Cisco Catalyst 3750X or 3560X?

    We Deployed the 3560X in Branches with Up-Link to MPLS Carrier Ethernet (Cheap and effective) but would like to have some NetFlow information.

    If this is Cisco being Cisco, I appreciate the community's assistance.

  • Unfortunately, this is a limitation with the switch hardware, and requires the higher priced service module.  The service module has specific hardware for enabling Netflow functionality, and without it, you just can't gather netflow data.   This is not entirely unheard of either -- older 4500 models required an additional hardware component on the supervisor module to enable Netflow collection.

    The paragraph you referenced is stating that you can use the 10G service module interfaces at either 1G or 10G speeds, and does not imply the netflow functionality exists on any of the 10G or 1G network module options.

  • Another thing to keep in mind about the C3KX-SM-10G is that it only allows you to collect NetFlow data about traffic that traverses the uplink ports on the module. You still can't get port-to-port NetFlow data if the traffic doesn't cross the service module ports.

    One other solution is to port-mirror your traffic to a NetFlow probe. Do a Thwack search for "nProbe"; some people have implemented that successfully with NTA. Netfort might also work; I'm not sure.

  • Excellent Information all Around!

    A) The Fact the C3KX-SM-10G only pulls NetFlow on the Up-link (I'd be pissed) if I just spent 1700 USD to find out 0/1-48 still can't send traffic

    B) I have seen many videos and links to nProbe and wanted to attempt "proper" NetFlow before going that route.
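
A check for the symptoms visible in the original post's `show` output, as an added example that is not part of the thread: it flags the three markers quoted there (zero exported datagrams, an inactive exporter, unallocated monitor caches) that mean a switch is producing no flow telemetry. The function name `audit_flow_output` and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample, trimmed from the "show" output quoted in the thread.
SAMPLE = """\
#show ip flow export
Flow export v9 is enabled for main cache
  0 flows exported in 0 udp datagrams
#show flow monitor
Flow Monitor NetFlowMonitor:
  Flow Record:       SolarWinds
  Flow Exporter:     NTA (inactive)
  Cache:
    Type:              normal
    Status:            not allocated
    Size:              128 entries / 0 bytes
  Cache:
    Type:              normal (Platform cache)
    Status:            not allocated
    Size:              Unknown
"""

def audit_flow_output(text):
    """Return (scope, problem) pairs showing that no flow data is produced."""
    findings = []
    monitor = cache = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.match(r"Flow Monitor (\S+):$", line):
            # Start of a new monitor section; reset the cache context.
            monitor, cache = m.group(1), None
        elif m := re.match(r"Flow Exporter:\s+(\S+)\s+\(inactive\)", line):
            findings.append((f"monitor {monitor}", f"exporter {m.group(1)} inactive"))
        elif m := re.match(r"Type:\s+(.+)$", line):
            # Remember which cache the next Status line belongs to.
            cache = m.group(1)
        elif re.match(r"Status:\s+not allocated$", line):
            findings.append((f"monitor {monitor}", f"cache '{cache}' not allocated"))
        elif m := re.match(r"(\d+) flows exported in (\d+) udp datagrams$", line):
            # Classic NetFlow counter: both zero means nothing ever left the box.
            if int(m.group(1)) == 0 and int(m.group(2)) == 0:
                findings.append(("classic export", line))
    return findings

if __name__ == "__main__":
    for scope, problem in audit_flow_output(SAMPLE):
        print(f"{scope}: {problem}")
```

Run against saved output from each branch switch, an empty result means none of these markers were present; any finding marks a device whose traffic is invisible to the collector.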